533 matches found
CVE-2026-55435
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...
ROOT-APP-PYPI-CVE-2025-69227 CVE-2025-69227 in rootio-aiohttp - Patched by Root
Root has patched CVE-2025-69227 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing
Summary Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the...
GHSA-WRQ8-FCV5-8HVP Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...
ROOT-OS-DEBIAN-13-CVE-2025-68322 CVE-2025-68322 in rootio-linux - Patched by Root
Root has patched CVE-2025-68322 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2024-49937 CVE-2024-49937 in rootio-linux - Patched by Root
Root has patched CVE-2024-49937 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-39894 CVE-2025-39894 in rootio-linux - Patched by Root
Root has patched CVE-2025-39894 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-21875 CVE-2025-21875 in rootio-linux - Patched by Root
Root has patched CVE-2025-21875 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-23468 CVE-2026-23468 in rootio-linux - Patched by Root
Root has patched CVE-2026-23468 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43169 CVE-2026-43169 in rootio-linux - Patched by Root
Root has patched CVE-2026-43169 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-40283 CVE-2025-40283 in rootio-linux - Patched by Root
Root has patched CVE-2025-40283 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-53176 CVE-2026-53176 in rootio-linux - Patched by Root
Root has patched CVE-2026-53176 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2022-49531 CVE-2022-49531 in rootio-linux - Patched by Root
Root has patched CVE-2022-49531 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2023-52590 CVE-2023-52590 in rootio-linux - Patched by Root
Root has patched CVE-2023-52590 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-44958 CVE-2024-44958 in rootio-linux - Patched by Root
Root has patched CVE-2024-44958 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-38022 CVE-2025-38022 in rootio-linux - Patched by Root
Root has patched CVE-2025-38022 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-43072 CVE-2026-43072 in rootio-linux - Patched by Root
Root has patched CVE-2026-43072 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
EUVD-2026-37801
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header...
EUVD-2026-37807
CakePHP: View::element is missing a path containment check...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler...